auth

package

v0.9.0 Latest Latest Go to latest Published: Jun 30, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/regclient/regclient

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth is used for HTTP authentication

Index ¶

Variables
func NewBasicHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler
func NewBearerHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler
func NewJWTHubHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler
func ParseAuthHeaders(ahl []string) ([]challenge, error)
type Auth
- func NewAuth(opts ...Opts) *Auth
type Cred
- func DefaultCredsFn(h string) Cred
type CredsFn
type Opts

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrEmptyChallenge indicates an issue with the received challenge in the WWW-Authenticate header
	//
	// Deprecated: replace with [errs.ErrEmptyChallenge].
	ErrEmptyChallenge = errs.ErrEmptyChallenge
	// ErrInvalidChallenge indicates an issue with the received challenge in the WWW-Authenticate header
	//
	// Deprecated: replace with [errs.ErrInvalidChallenge].
	ErrInvalidChallenge = errs.ErrInvalidChallenge
	// ErrNoNewChallenge indicates a challenge update did not result in any change
	//
	// Deprecated: replace with [errs.ErrNoNewChallenge].
	ErrNoNewChallenge = errs.ErrNoNewChallenge
	// ErrNotFound indicates no credentials found for basic auth
	//
	// Deprecated: replace with [errs.ErrNotFound].
	ErrNotFound = errs.ErrNotFound
	// ErrNotImplemented returned when method has not been implemented yet
	//
	// Deprecated: replace with [errs.ErrNotImplemented].
	ErrNotImplemented = errs.ErrNotImplemented
	// ErrParseFailure indicates the WWW-Authenticate header could not be parsed
	//
	// Deprecated: replace with [errs.ErrParseFailure].
	ErrParseFailure = errs.ErrParsingFailed
	// ErrUnauthorized request was not authorized
	//
	// Deprecated: replace with [errs.ErrUnauthorized].
	ErrUnauthorized = errs.ErrHTTPUnauthorized
	// ErrUnsupported indicates the request was unsupported
	//
	// Deprecated: replace with [errs.ErrUnsupported].
	ErrUnsupported = errs.ErrUnsupported
)

Functions ¶

func NewBasicHandler ¶

func NewBasicHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler

NewBasicHandler creates a new BasicHandler

func NewBearerHandler ¶

func NewBearerHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler

NewBearerHandler creates a new BearerHandler

func NewJWTHubHandler ¶ added in v0.7.2

func NewJWTHubHandler(client *http.Client, clientID, host string, credsFn CredsFn, slog *slog.Logger) handler

NewJWTHubHandler creates a new JWTHandler for Docker Hub.

func ParseAuthHeaders ¶

func ParseAuthHeaders(ahl []string) ([]challenge, error)

ParseAuthHeaders extracts the scheme and realm from WWW-Authenticate headers

Types ¶

type Auth ¶

type Auth struct {
	// contains filtered or unexported fields
}

Auth is used to handle authentication requests.

func (*Auth) AddScope ¶

func (a *Auth) AddScope(host, scope string) error

AddScope extends an existing auth with additional scopes. This is used to pre-populate scopes with the Docker convention rather than depend on the registry to respond with the correct http status and headers.

func (*Auth) HandleResponse ¶

func (a *Auth) HandleResponse(resp *http.Response) error

HandleResponse parses the 401 response, extracting the WWW-Authenticate header and verifying the requirement is different from what was included in the last request

func (*Auth) UpdateRequest ¶

func (a *Auth) UpdateRequest(req *http.Request) error

UpdateRequest adds Authorization headers to a request

type Cred ¶

type Cred struct {
	User, Password string // clear text username and password
	Token          string // refresh token only used for bearer auth
}

Cred is returned by the CredsFn. If Token is provided and auth method is bearer, it will attempt to use it as a refresh token. Else if user and password are provided, they are attempted with all auth methods. Else if neither are provided and auth method is bearer, an anonymous login is attempted.

func DefaultCredsFn ¶

func DefaultCredsFn(h string) Cred

DefaultCredsFn is used to return no credentials when auth is not configured with a CredsFn This avoids the need to check for nil pointers

type CredsFn ¶

type CredsFn func(host string) Cred

CredsFn is passed to lookup credentials for a given hostname, response is a username and password or empty strings

type Opts ¶

type Opts func(*Auth)

Opts configures options for NewAuth

func WithClientID ¶

func WithClientID(clientID string) Opts

WithClientID uses a client ID with request headers

func WithCreds ¶

func WithCreds(f CredsFn) Opts

WithCreds provides a user/pass lookup for a url

func WithDefaultHandlers ¶

func WithDefaultHandlers() Opts

WithDefaultHandlers includes a Basic and Bearer handler, this is automatically added with "WithHandler" is not called

func WithHTTPClient ¶

func WithHTTPClient(h *http.Client) Opts

WithHTTPClient uses a specific http client with requests

func WithHandler ¶

func WithHandler(authType string, hb handlerBuild) Opts

WithHandler includes a handler for a specific auth type

func WithLog ¶

func WithLog(slog *slog.Logger) Opts

WithLog injects a Logger

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL